Privacy Policy
Effective Date: April 19, 2026
FaceOracle (the 'Service') is an entertainment-oriented Style Mood Report service that interprets the visual vibe of a photo. It is not a medical or legal diagnostic tool, and it cannot be used to make sensitive decisions such as hiring, admissions, lending, or security authentication. This policy transparently describes what information is collected, how it flows through the service, retention windows, cookie and ad-related data use, and your rights.
1. Information We Collect and Why
We process the following data: • Uploaded selfie image (for generating your AI face-vibe report) • Analysis result text and a 200×200 thumbnail (temporary storage for share links) • Request metadata (timestamp and IP address are logged for rate limiting and incident response). Your face image and analysis results are used solely to generate and store your own report. They are NOT used for ad targeting, ad personalization, profiling, or training machine-learning models. They are also NOT used for facial recognition, identity verification, or biometric enrollment.
2. Image Retention
• The uploaded original image is never persisted to disk or a database. It is discarded after analysis — released from server memory as soon as the Anthropic Claude AI API call completes. • When a share link is generated, a 200×200 thumbnail and the result JSON are stored in Redis (Upstash) with a 24-hour TTL, after which they are automatically deleted. • Server logs (IP, timestamps, error stacks) may be retained for operational purposes for a limited period. • The Service does not determine anyone's real personality, ability, health, identity, age, gender, nationality, or race from the uploaded image.
3. Third-Party Transfers
• Anthropic Claude AI API: the uploaded image (resized to 800px) is sent for analysis. Anthropic's handling of commercial API data is governed by their privacy policy and commercial terms. • Celebrity vibe-reference cards are rendered as text-only style-mood-type cards. We do NOT render third-party celebrity photos (from Wikipedia, Naver Images, or anywhere else), and your face image is never forwarded to external image-search services. • Vercel / Upstash Redis: used for hosting and temporary result storage.
4. Cookies, Local Storage, and Identifiers
The Service may use cookies, local storage, and similar identifiers for: • Storing preferences like language, consent state, and the most recent selfie thumbnail (browser local storage). • Auto-detecting country and applying rate limits (a `country` cookie set by our edge middleware). • Anonymous visit analytics via Google Analytics (G-PM8B8JFRR8) — page views, session duration, and coarse device info. This does not identify individuals. • Advertising delivery and measurement — cookies, local storage, IP address, and device identifiers used by Google and its ad partners (see Section 5 below). You can block these technologies in your browser settings, and opt out of personalised ads as described in Section 5.
5. Advertising (Google AdSense) — image-use policy and ad-tech behaviour, clearly separated
This section separates two independent facts that must not be confused. [A] How your face image and analysis results are NOT used for ads • Uploaded face images and analysis results are used solely to generate your report. • They are NEVER used for ad personalization, ad targeting, profiling, or machine-learning training. • No AdSense script is injected on the upload, loading, result, share-deletion, error, legal-notice, or daily-fortune pages. lib/ad-config.ts and components/AdsenseScriptGate.tsx enforce this at runtime. [B] How Google ad tech operates on ad-eligible content pages (blog, guide, about, FAQ, etc.) On those pages only, Google AdSense may run, and the following can occur: • **Third-party vendors.** Third-party ad vendors, including Google, may use cookies, web beacons, IP addresses, or other identifiers to serve ads based on your prior visits to this and other websites. • **DoubleClick / ad cookies.** Google uses cookies such as the DART cookie to serve ads based on visits to this site and other sites on the internet. • **Data processed for ads.** To serve ads, cookies, local storage, device identifiers, IP address, browser and device information, coarse location, and page-activity data may be processed by Google and its advertising partners. • **Personalised vs non-personalised ads.** Whether you see personalised or non-personalised ads depends on your consent state. In the EEA, UK, and Switzerland, ads default to **non-personalised** until consent is given. We use Google Consent Mode v2 so this default is enforced at the ad-serving layer. • **Opt-out paths.** You can disable personalised ads at Google Ads Settings (https://adssettings.google.com), via Your Online Choices (https://www.youronlinechoices.eu), or at https://www.aboutads.info/choices. Browser cookie-blocking also works. • **Ad-partner list.** Google's list of ad partners is available at https://support.google.com/adsense/answer/9012903. Important: the ad tech described in [B] never receives your uploaded face image as input. [A] and [B] are separate systems — there is no code path from your face image into the advertising stack.
6. Biometrics and Sensitive Attributes
• Face images are treated as potentially sensitive information and are only processed after you explicitly agree via the upload consent checkbox. • Uploaded images are not used to build facial recognition templates (faceprints) or to register you in any biometric database. • We do not attribute or export sensitive attributes — gender, nationality, race, health, religion, or sexual orientation — about users. • All result categories are entertainment content, interpreting the visual impression of the image for fun only. They do not determine actual personality, ability, health, identity, age, gender, nationality, or race. • You may only upload your own photo or a photo of someone who has given you permission.
7. Your Rights and Deletion Requests
• Shared results are auto-deleted 24 hours after creation. • To request immediate deletion before the 24-hour TTL, email yuseong2099@gmail.com with the result ID (the /result/<id> portion of the URL). We will delete it as promptly as possible. • You may also request deletion of log data (IP, etc.) via the same email.
8. Minors and Photos of Others
• Users under 14 years old must use the Service with a parent or guardian's consent. • You may only upload photos of yourself or photos for which you have the subject's consent. Unauthorized uploads of others' photos are prohibited, and the uploader is solely responsible for any consequences.
9. Security
The Service employs reasonable security measures including HTTPS, environment-variable-based API key management, and rate limiting. No internet-based service can guarantee absolute security, however.
10. Changes to this Policy
This policy may be updated to reflect changes in law or service operations. Material changes will be announced in-service.
11. Contact
For privacy questions, deletion requests, or other inquiries: 📧 yuseong2099@gmail.com